Creating ABAC policies for a case and a user
You can create hierarchical attributes (to specify a defined ranking of values, represented as integers) and All Of and One Of conditions (to specify how to compare the multi-value attribute types between the user and object) on cases to determine who is authorized to access the case.
Note: You can create policies only for Work- and Data- classes.
To create attributes for a case and a user, complete the following steps.
- In Designer Studio open a case, choose a property field, where you want to enter:
- Multi-value attributes a comma-separated noun list.
- Hierarchical attributes a numerical value.
- Click Save.
-
Click Records > Security > Access Control Policy.
- In the Label field, enter the policy name.
- In the Context section in the Apply to (class) field, enter a class.
- In the Add to ruleset field, select a ruleset.
- Click Create and open.
- On the Definition tab, select the Disallow creation of a policy with the same name at a descendant class check box to prevent overriding the policy in a descendant class.
- In the Condition field, enter the policy condition rule name.
- Click Save.
- Click Records > Security > Access Control Policy Condition.
- In the Label field, enter the policy condition name.
-
In the Context section in the Apply to (class) field, enter the rule, to which the policy applies to.
- In the Add to ruleset field, select the ruleset.
- Click Create and open.
-
On the Definition tab in the Condition field, enter a condition name.
- In the Column source field, enter the property in which the case attributes are entered.
- In the Relationship field, select the numerical and string attributes.
- In the Value field, enter the attribute value or values (depending on the attribute type) that you want the condition to check.
Open topic with navigation